package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

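/**
 * Demonstrates how a prepared statement with bound parameters prevents SQL injection.
 *
 * <p>The username and password are bound through {@link PreparedStatement#setString}
 * rather than concatenated into the query text, so a value such as
 * {@code 1' OR '1' = '1} is matched as a literal password string instead of being
 * parsed as SQL.
 */
public class JDBCDemo7 {
    /**
     * Looks up rows in {@code userinfo} matching a fixed username and password and
     * prints each match as {@code username,password,nickname,age}.
     *
     * <p>All three JDBC resources (connection, statement, result set) are opened in
     * try-with-resources blocks so they are closed even when a query fails; the
     * earlier version left all of them open.
     *
     * @param args ignored
     * @throws SQLException if obtaining the connection, preparing or executing the
     *                      query, or reading a column fails
     */
    public static void main(String[] args) throws SQLException {
        // Placeholders only: user-controlled values must never be spliced into this string.
        String sql = "SELECT username, password, nickname, age " +
                "FROM userinfo " +
                "WHERE username = ? AND password = ?";
        String username = "李四";
        // A payload such as "1' OR '1' = '1" bound here is treated as the literal
        // password to compare against, not as SQL.
        String password = "123456";
        // NOTE(review): the table stores and returns the password as plain text and the
        // demo prints it; real code should store a salted hash and never echo it.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            preparedStatement.setString(1, username);
            preparedStatement.setString(2, password);
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                while (resultSet.next()) {
                    String rowUsername = resultSet.getString("username");
                    String rowPassword = resultSet.getString("password");
                    String nickname = resultSet.getString("nickname");
                    int age = resultSet.getInt("age");
                    System.out.println(rowUsername + "," + rowPassword + "," + nickname + "," + age);
                }
            }
        }
    }
}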
